A recent automated malware attack has hit around 1,000 unprotected databases such as ElasticSearch. The attack begins with scanning activity and then, without compromising any account controls, overwrites the content stored inside the database.
Tens of thousands of database instances such as MongoDB and ElasticSearch were previously compromised by the Krakeno malware around 2017, which caused havoc through widespread loss of data.
Bob Diachenko, whose expertise is in data breach research, discovered that the ‘Meow’ bot had overwritten the information within an ElasticSearch instance while he was looking into virtual network providers.
A threat researcher known only as ‘heige’, from the Chinese cybersecurity firm KnowSec, found a similar attack using ZoomEye (a search engine that serves the same function as Shodan).
Below is a sample from the ‘meow’ incident, where the index has been modified with -meow for the files.
Recently, Victor Gevers, the chairman of the non-profit GDI Foundation, also noticed the ‘meow’ attack pattern, which happened a few hours after a volunteer from GDI had reported and disclosed the attack to the stakeholders of the database.
A Shodan scan performed by Diachenko showed over 500 open ElasticSearch instances around the world, hosted by Amazon Web Services, Azure, Google Cloud and others. Some of the instances were also noted to be hosted in Australia.
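
For administrators checking their own cluster for the -meow index marker described above, here is an added example that is not part of the original article. It audits the JSON listing returned by Elasticsearch's `_cat/indices?format=json`. The assumptions are that the marker is an index name ending in "-meow", that the function names are hypothetical, and that the sample listing is constructed.

```python
import json
import re

# Assumption: the marker is an index name that ends in "-meow" (any case).
MEOW_NAME = re.compile(r"-meow$", re.IGNORECASE)

# Constructed sample of a GET _cat/indices?format=json response.
SAMPLE_CAT_INDICES = json.dumps([
    {"index": "customers-2020", "status": "open", "docs.count": "18234"},
    {"index": "k3x9qpz1ab-meow", "status": "open", "docs.count": "1"},
    {"index": "t7w2mmd0cu-MEOW", "status": "open", "docs.count": "1"},
    {"index": ".kibana_1", "status": "open", "docs.count": "42"},
    {"index": "archive-2019", "status": "close", "docs.count": None},
    {"index": "meow-photos", "status": "open", "docs.count": "7"},
])


def audit_indices(cat_indices_json):
    """Split an index listing into marker-carrying and remaining indices."""
    flagged, remaining = [], []
    for row in json.loads(cat_indices_json):
        name = row.get("index", "")
        # Closed indices report no document count; record that as unknown.
        raw = row.get("docs.count")
        docs = int(raw) if raw not in (None, "") else None
        entry = {"index": name, "docs": docs}
        (flagged if MEOW_NAME.search(name) else remaining).append(entry)
    return flagged, remaining


def report(cat_indices_json):
    """Build a short text summary suitable for a ticket or alert."""
    flagged, remaining = audit_indices(cat_indices_json)
    lines = [f"{len(flagged)} index(es) carry the -meow marker, "
             f"{len(remaining)} do not"]
    lines += [f"  FLAGGED {e['index']} (docs: {e['docs']})" for e in flagged]
    if flagged:
        lines.append("Treat the flagged data as overwritten and close "
                     "unauthenticated access to the instance.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CAT_INDICES))
```
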